RNGD(8)                     System Manager's Manual                    RNGD(8)


NAME

       rngd - Check and feed random data from hardware device to kernel random
       device


SYNOPSIS

       rngd [-b, --background] [-f, --foreground] [-d, --debug] [-l, --list]
       [-x, --exclude] [-n, --include] [-O, --option] [-i, --ignorefail] [-o,
       --random-device=file] [-p, --pid-file=file] [-r, --rng-device=file]
       [-s, --random-step=nnn] [-t, --test] [-W, --fill-watermark=nnn] [-q,
       --quiet] [-?, --help] [-V, --version]


DESCRIPTION

       This daemon feeds data from a random number generator to the kernel's
       random number entropy pool, after first checking the data to ensure
       that it is properly random.

       The -f or --foreground options can be used to tell rngd to avoid
       forking on startup. This is typically used for debugging. The -b or
       --background options, which fork and put rngd into the background
       automatically, are the default.

       The -r or --rng-device options can be used to select an alternate
       source of input, besides the default /dev/hwrng. The -o or
       --random-device options can be used to select an alternate entropy
       output device, besides the default /dev/random. Note that this device
       must support the Linux kernel /dev/random ioctl API.


OPTIONS

       -b, --background
              Become a daemon (default)

       -f, --foreground
              Do not fork and become a daemon

       -d, --debug
              Enable debug messages

       -l, --list
              List the indexes and names of available entropy sources. Exit
              code when listing sources is 0 if at least 1 entropy source was
              found and initialized, 1 otherwise.

       -x, --exclude
              Disable entropy sources based on index or (shortname) reported
              from --list option

       -n, --include
              Enable entropy sources based on index or (shortname) reported
              from --list option

       -O, --option
              Provide specific config options to individual entropy sources,
              in the format --option [index|shortname]:key:value. See the
              ENTROPY SOURCES section below for indices and source specific
              options. Note that specifying -O [<index>|<shortname>] will
              print the available options for that index to the console

       -p file, --pid-file=file
              File used for recording daemon PID, and multiple exclusion
              (default: /var/run/rngd.pid)

       -i, --ignorefail
              Ignore repeated FIPS failures

       -o file, --random-device=file
              Kernel device used for random number output (default:
              /dev/random)

       -r file, --rng-device=file
              Kernel device used for random number input (default: /dev/hwrng)

       -s nnn, --random-step=nnn
              Number of bytes written to random-device at a time (default: 64)

       -t, --test
              Enter test mode. In this mode (which implies -f), all generated
              entropy is discarded and rngd reports the amount of entropy
              generated every second

       -e nnn, --entropy-count=nnn
              Number of bits to consider random when adding entropy. 1<=e<=8
              (default: 8)

       -W nnn, --fill-watermark=nnn
              Once rngd starts feeding entropy, it keeps feeding
              random-device until at least fill-watermark bits of entropy are
              available in its entropy pool. By default, this value is set to
              75% of the entropy pool size or 2048 bits if the entropy pool
              size couldn't be determined. Setting this too high will cause
              rngd to dominate the contents of the entropy pool. Low values
              will hurt system performance during entropy starvation. Do not
              set fill-watermark above the size of the entropy pool (usually
              4096 bits). A value of 0 to this option will cause no watermark
              to be set.

       -q, --quiet
              Suppress all messages

       -?, --help
              Give a short summary of all program options.

       -V, --version
              Print program version
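
       The default and the limits given for --fill-watermark above, worked
       through as an added shell example (not part of rng-tools). The sysctl
       path /proc/sys/kernel/random/poolsize (pool size in bits on Linux 2.6
       and later) and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-flight check for an rngd -W/--fill-watermark value.
# POOLSIZE_FILE is an assumption of this example, not something rngd reads
# from the environment.
POOLSIZE_FILE=${POOLSIZE_FILE:-/proc/sys/kernel/random/poolsize}

# Print the pool size in bits, or nothing if it cannot be determined.
pool_size() {
    [ -r "$POOLSIZE_FILE" ] || return 0
    size=$(cat "$POOLSIZE_FILE" 2>/dev/null) || return 0
    case $size in ''|*[!0-9]*) return 0 ;; esac
    printf '%s\n' "$size"
}

# default_watermark [POOLSIZE]: 75% of the pool, or 2048 if the size is unknown.
default_watermark() {
    size=${1-$(pool_size)}
    if [ -z "$size" ]; then echo 2048; else echo $(( size * 3 / 4 )); fi
}

# check_watermark VALUE [POOLSIZE]: classify a proposed -W value.
check_watermark() {
    value=$1
    size=${2-$(pool_size)}
    case $value in ''|*[!0-9]*) echo invalid; return 1 ;; esac
    # 0 means "set no watermark at all", per the option description.
    if [ "$value" -eq 0 ]; then echo no-watermark; return 0; fi
    # Above the pool size the target can never be reached.
    if [ -n "$size" ] && [ "$value" -gt "$size" ]; then
        echo above-pool-size; return 1
    fi
    echo ok
}

echo "default fill-watermark on this host: $(default_watermark) bits"
```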

ENTROPY SOURCES

       Hardware RNG (hwrng) [Index 0]
              The Hardware RNG is a generic entropy source that draws entropy
              from a hardware rng attached by default to /dev/hwrng

       TPM (tpm) [Index 1]
              Entropy drawn from on board TPM device. Note this entropy
              source is deprecated and will be removed soon, as newer TPM
              devices export entropy via /dev/hwrng, which is collected by the
              hwrng source above

       RDRAND/RDSEED (rdrand) [Index 2]
              Entropy drawn from the RDRAND and RDSEED instructions (x86 only)

       Options

              use_aes - select if rdrand is used to seed a cprng to produce
              entropy, or if all entropy is drawn directly from the rdrand
              instruction (default 0)

       DARN (darn) [Index 3]
              Entropy drawn from the DARN instruction (ppc64 only)

       Options

              use_aes - select if the power darn instruction is used to
              directly fill the entropy pool, or if it is used as a periodic
              seed to an aes based cprng (default 1)

       NIST Entropy Beacon (nist) [Index 4]
              Entropy gathered from the NIST network entropy beacon. Note
              that this entropy source is disabled by default as it should
              never be used for cryptographic purposes, or any use case in
              which random data should be known only by a single entity.

       JITTER (jitter) [Index 5]
              Entropy gathered by measuring timing variance of operations on
              the local CPU

       Options
              thread_count - Set the number of threads that the jitter
              entropy source will spawn

              buffer_size - Set the size of the buffer cache that each thread
              maintains

              refill_thresh - Set the low watermark for the cache that
              triggers its corresponding thread to start refill operations

              retry_count - If all entropy buffers are empty, retry this many
              times before giving up. Note that jitterentropy can take
              several seconds to refill a buffer, and so retries after a delay
              may be preferable to repeatedly spinning on an empty buffer
              (default 1)

              retry_delay - Between each retry for retry_count above, sleep
              for this many seconds. May also be the special value -1,
              representing adaptive sleep, where each retry delay will be half
              the recorded execution time of the last entropy gathering round
              (default -1)

       PKCS11 (pkcs11) [Index 6]
              Entropy gathered via the opensc openssl engine, which can
              extract entropy from various smart card readers

       Options
              engine_path - Set the path for the pkcs11 engine DSO to load

              chunk_size - Some pkcs11 engines have restrictions on how much
              data can be requested at a time; this option allows for the
              request to be subdivided into smaller chunks to be satisfied
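
       An added shell example (not part of rng-tools) that checks a -O
       argument of the form [index|shortname]:key:value against the indexes,
       shortnames and option keys listed in this section. The function names
       are hypothetical, and the table reflects only what this page documents.

```shell
#!/bin/sh
# Added example: validate an rngd -O/--option argument against the
# ENTROPY SOURCES table of this man page (function names are hypothetical).

# source_name INDEX_OR_SHORTNAME: print the shortname, or fail if unknown.
source_name() {
    case $1 in
        0|hwrng)  echo hwrng ;;
        1|tpm)    echo tpm ;;
        2|rdrand) echo rdrand ;;
        3|darn)   echo darn ;;
        4|nist)   echo nist ;;
        5|jitter) echo jitter ;;
        6|pkcs11) echo pkcs11 ;;
        *) return 1 ;;
    esac
}

# source_keys SHORTNAME: print the option keys this page lists for a source.
source_keys() {
    case $1 in
        rdrand|darn) echo "use_aes" ;;
        jitter) echo "thread_count buffer_size refill_thresh retry_count retry_delay" ;;
        pkcs11) echo "engine_path chunk_size" ;;
        *) : ;;   # hwrng, tpm, nist: no options documented here
    esac
}

# check_option SPEC: print the normalized shortname:key:value, or
# list-options:NAME for the bare form that makes rngd print a source's options.
check_option() {
    spec=$1
    case $spec in
        *:*:*) ;;
        *:*) echo "error: expected source:key:value" >&2; return 1 ;;
        *) name=$(source_name "$spec") || { echo "error: unknown source '$spec'" >&2; return 1; }
           echo "list-options:$name"; return 0 ;;
    esac
    src=${spec%%:*}; rest=${spec#*:}
    key=${rest%%:*}; value=${rest#*:}
    name=$(source_name "$src") || { echo "error: unknown source '$src'" >&2; return 1; }
    # An empty key is replaced by "?" so it can never match the key list.
    case " $(source_keys "$name") " in
        *" ${key:-?} "*) ;;
        *) echo "error: '$key' is not a documented option of $name" >&2; return 1 ;;
    esac
    [ -n "$value" ] || { echo "error: empty value for $name:$key" >&2; return 1; }
    printf '%s:%s:%s\n' "$name" "$key" "$value"
}
```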

AUTHORS

       Philipp Rumpf
       Jeff Garzik - jgarzik@pobox.com
       Matt Sottek
       Brad Hill
       Neil Horman - nhorman@tuxdriver.com

rng-tools 6.9                     March 2001                           RNGD(8)